Allow libsepol C++ static library on device.

Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
dcashman 2014-12-16 11:44:41 -08:00 committed by Stephen Smalley
parent 1d71622a37
commit ed7a6ba24a
47 changed files with 193 additions and 35 deletions

View File

@ -1575,7 +1575,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
goto bad;
}
class_perm_node_init(perm);
perm->class = i + 1;
perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
@ -1796,7 +1796,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
goto out;
}
class_perm_node_init(cur_perms);
cur_perms->class = i + 1;
cur_perms->tclass = i + 1;
if (!perms)
perms = cur_perms;
if (tail)

View File

@ -269,7 +269,7 @@ int display_avrule(avrule_t * avrule, policydb_t * policy,
cur = avrule->perms;
while (cur) {
display_id(policy, fp, SYM_CLASSES, cur->class - 1, "");
display_id(policy, fp, SYM_CLASSES, cur->tclass - 1, "");
cur = cur->next;
}
@ -278,7 +278,7 @@ int display_avrule(avrule_t * avrule, policydb_t * policy,
fprintf(fp, " ");
if (avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) {
render_access_mask(avrule->perms->data, avrule->perms->class,
render_access_mask(avrule->perms->data, avrule->perms->tclass,
policy, fp);
} else if (avrule->specified & AVRULE_TYPE) {
display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");

View File

@ -95,3 +95,14 @@ LOCAL_SHARED_LIBRARIES := libsepol
LOCAL_MODULE_CLASS := EXECUTABLES
include $(BUILD_HOST_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_MODULE := libsepol
LOCAL_MODULE_TAGES := optional
LOCAL_C_INCLUDES := $(common_includes)
LOCAL_CFLAGS := $(common_cflags)
LOCAL_SRC_FILES := $(common_src_files)
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
include $(BUILD_STATIC_LIBRARY)

View File

@ -3,6 +3,9 @@
#include <stddef.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_bool;
struct sepol_bool_key;
@ -48,4 +51,5 @@ extern int sepol_bool_clone(sepol_handle_t * handle,
extern void sepol_bool_free(sepol_bool_t * boolean);
__END_DECLS
#endif

View File

@ -5,6 +5,9 @@
#include <sepol/policydb.h>
#include <sepol/boolean_record.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/*--------------compatibility--------------*/
@ -56,4 +59,5 @@ extern int sepol_bool_iterate(sepol_handle_t * handle,
int (*fn) (const sepol_bool_t * boolean,
void *fn_arg), void *arg);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#include <sepol/context_record.h>
#include <sepol/policydb.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* -- Deprecated -- */
@ -22,4 +25,6 @@ extern int sepol_mls_contains(sepol_handle_t * handle,
extern int sepol_mls_check(sepol_handle_t * handle,
const sepol_policydb_t * policydb, const char *mls);
__END_DECLS
#endif

View File

@ -2,6 +2,9 @@
#define _SEPOL_CONTEXT_RECORD_H_
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_context;
typedef struct sepol_context sepol_context_t;
@ -50,4 +53,5 @@ extern int sepol_context_from_string(sepol_handle_t * handle,
extern int sepol_context_to_string(sepol_handle_t * handle,
const sepol_context_t * con, char **str_ptr);
__END_DECLS
#endif

View File

@ -2,6 +2,9 @@
#define _SEPOL_DEBUG_H_
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Deprecated */
extern void sepol_debug(int on);
@ -31,4 +34,6 @@ extern void sepol_msg_set_callback(sepol_handle_t * handle,
handle,
const char *fmt, ...),
void *msg_callback_arg);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#define __sepol_errno_h__
#include <errno.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
#define SEPOL_OK 0
@ -22,4 +25,5 @@
#define SEPOL_EEXIST -EEXIST
#define SEPOL_ENOENT -ENOENT
__END_DECLS
#endif

View File

@ -1,6 +1,10 @@
#ifndef _SEPOL_HANDLE_H_
#define _SEPOL_HANDLE_H_
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_handle;
typedef struct sepol_handle sepol_handle_t;
@ -31,4 +35,5 @@ int sepol_get_preserve_tunables(sepol_handle_t * sh);
* 0 is default and discard such branch, 1 preserves them */
void sepol_set_preserve_tunables(sepol_handle_t * sh, int preserve_tunables);
__END_DECLS
#endif

View File

@ -3,6 +3,9 @@
#include <sepol/handle.h>
#include <sepol/context_record.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_iface;
struct sepol_iface_key;
@ -56,4 +59,5 @@ extern int sepol_iface_clone(sepol_handle_t * handle,
extern void sepol_iface_free(sepol_iface_t * iface);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#include <sepol/policydb.h>
#include <sepol/iface_record.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Return the number of interfaces */
extern int sepol_iface_count(sepol_handle_t * handle,
@ -40,4 +43,5 @@ extern int sepol_iface_iterate(sepol_handle_t * handle,
int (*fn) (const sepol_iface_t * iface,
void *fn_arg), void *arg);
__END_DECLS
#endif

View File

@ -7,6 +7,9 @@
#include <sepol/handle.h>
#include <sepol/policydb.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_module_package;
typedef struct sepol_module_package sepol_module_package_t;
@ -79,4 +82,5 @@ extern int sepol_expand_module(sepol_handle_t * handle,
sepol_policydb_t * base,
sepol_policydb_t * out, int verbose, int check);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#include <stddef.h>
#include <sepol/context_record.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_node;
struct sepol_node_key;
@ -89,4 +92,5 @@ extern int sepol_node_clone(sepol_handle_t * handle,
extern void sepol_node_free(sepol_node_t * node);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#include <sepol/handle.h>
#include <sepol/policydb.h>
#include <sepol/node_record.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Return the number of nodes */
extern int sepol_node_count(sepol_handle_t * handle,
@ -37,4 +40,5 @@ extern int sepol_node_iterate(sepol_handle_t * handle,
int (*fn) (const sepol_node_t * node,
void *fn_arg), void *arg);
__END_DECLS
#endif

View File

@ -5,6 +5,9 @@
#include <stdio.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;
@ -141,4 +144,5 @@ extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
*/
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
__END_DECLS
#endif

View File

@ -21,6 +21,9 @@
#define _SEPOL_AVRULE_BLOCK_H_
#include <sepol/policydb/policydb.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
extern avrule_block_t *avrule_block_create(void);
extern void avrule_block_destroy(avrule_block_t * x);
@ -34,4 +37,5 @@ extern cond_list_t *get_decl_cond_list(policydb_t * p,
extern int is_id_enabled(char *id, policydb_t * p, int symbol_table);
extern int is_perm_enabled(char *class_id, char *perm_id, policydb_t * p);
__END_DECLS
#endif

View File

@ -40,9 +40,12 @@
#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_
#include <sys/cdefs.h>
#include <sys/types.h>
#include <stdint.h>
__BEGIN_DECLS
typedef struct avtab_key {
uint16_t source_type;
uint16_t target_type;
@ -123,6 +126,7 @@ extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);
/* avtab_alloc uses one bucket per 2-4 elements, so adjust to get maximum buckets */
#define MAX_AVTAB_SIZE (MAX_AVTAB_HASH_BUCKETS << 1)
__END_DECLS
#endif /* _AVTAB_H_ */
/* FLASK */

View File

@ -25,6 +25,9 @@
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/symtab.h>
#include <sepol/policydb/policydb.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
#define COND_EXPR_MAXDEPTH 10
@ -133,4 +136,5 @@ extern int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp);
extern void cond_compute_av(avtab_t * ctab, avtab_key_t * key,
struct sepol_av_decision *avd);
__END_DECLS
#endif /* _CONDITIONAL_H_ */

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
@ -23,6 +22,8 @@
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/flask_types.h>
__BEGIN_DECLS
#define CEXPR_MAXDEPTH 5
struct type_set;
@ -72,6 +73,7 @@ struct policydb;
extern int constraint_expr_init(constraint_expr_t * expr);
extern void constraint_expr_destroy(constraint_expr_t * expr);
__END_DECLS
#endif /* _CONSTRAINT_H_ */
/* FLASK */

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
@ -23,6 +22,8 @@
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/mls_types.h>
__BEGIN_DECLS
/*
* A security context consists of an authenticated user
* identity, a role, a type and a MLS range.
@ -94,4 +95,5 @@ static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
(c1->type == c2->type) && mls_context_cmp(c1, c2));
}
__END_DECLS
#endif

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
@ -20,6 +19,9 @@
#include <stdint.h>
#include <string.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
#define MAPTYPE uint64_t /* portion of bitmap in each node */
#define MAPSIZE (sizeof(MAPTYPE) * 8) /* number of bits in node bitmap */
@ -89,6 +91,7 @@ extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value);
extern void ebitmap_destroy(ebitmap_t * e);
extern int ebitmap_read(ebitmap_t * e, void *fp);
__END_DECLS
#endif /* _EBITMAP_H_ */
/* FLASK */

View File

@ -28,6 +28,9 @@
#include <stddef.h>
#include <sepol/handle.h>
#include <sepol/policydb/conditional.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/*
* Expand only the avrules for a module. It is valid for this function
@ -76,4 +79,5 @@ extern int expand_avtab(policydb_t * p, avtab_t * a, avtab_t * expa);
extern int expand_cond_av_list(policydb_t * p, cond_av_list_t * l,
cond_av_list_t ** newl, avtab_t * expa);
__END_DECLS
#endif

View File

@ -1,4 +1,3 @@
/* -*- linux-c -*- */
/*
@ -14,6 +13,9 @@
#include <sys/types.h>
#include <stdint.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/*
* A security context is a set of security attributes
@ -59,4 +61,5 @@ struct sepol_av_decision {
uint32_t seqno;
};
__END_DECLS
#endif

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
@ -18,6 +17,9 @@
#include <stdint.h>
#include <stdio.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
typedef char *hashtab_key_t; /* generic key type */
typedef void *hashtab_datum_t; /* generic datum type */
@ -134,4 +136,5 @@ extern void hashtab_map_remove_on_error(hashtab_t h,
extern void hashtab_hash_eval(hashtab_t h, char *tag);
__END_DECLS
#endif

View File

@ -26,7 +26,11 @@
#define _SEPOL_POLICYDB_HIERARCHY_H_
#include <sepol/policydb/policydb.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p);
__END_DECLS
#endif

View File

@ -12,9 +12,13 @@
#include <stddef.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int link_modules(sepol_handle_t * handle,
policydb_t * b, policydb_t ** mods, int len,
int verbose);
__END_DECLS
#endif

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
@ -35,6 +34,9 @@
#include <stdlib.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/flask_types.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
typedef struct mls_level {
uint32_t sens; /* sensitivity */
@ -150,4 +152,5 @@ extern void mls_semantic_range_init(mls_semantic_range_t *r);
extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
__END_DECLS
#endif

View File

@ -27,9 +27,12 @@
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/conditional.h>
#include <sys/cdefs.h>
#define SEPOL_MODULE_PACKAGE_MAGIC 0xf97cff8f
__BEGIN_DECLS
struct sepol_module_package {
sepol_policydb_t *policy;
uint32_t version;
@ -45,4 +48,5 @@ struct sepol_module_package {
extern int sepol_module_package_init(sepol_module_package_t * p);
__END_DECLS
#endif

View File

@ -1,6 +1,10 @@
#ifndef _SEPOL_POLICYDB_POLCAPS_H_
#define _SEPOL_POLICYDB_POLCAPS_H_
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Policy capabilities */
enum {
POLICYDB_CAPABILITY_NETPEER,
@ -17,4 +21,5 @@ extern int sepol_polcap_getnum(const char *name);
/* Convert a capability number to name. */
extern const char *sepol_polcap_getname(int capnum);
__END_DECLS
#endif /* _SEPOL_POLICYDB_POLCAPS_H_ */

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/*
@ -62,6 +61,7 @@
#include <sepol/policydb/context.h>
#include <sepol/policydb/constraint.h>
#include <sepol/policydb/sidtab.h>
#include <sys/cdefs.h>
#define ERRMSG_LEN 1024
@ -69,6 +69,8 @@
#define POLICYDB_ERROR -1
#define POLICYDB_UNSUPPORTED -2
__BEGIN_DECLS
/*
* A datum type is defined for each kind of symbol
* in the configuration data: individual permissions,
@ -234,7 +236,7 @@ typedef struct cond_node cond_list_t;
struct cond_av_list;
typedef struct class_perm_node {
uint32_t class;
uint32_t tclass;
uint32_t data; /* permissions or new type */
struct class_perm_node *next;
} class_perm_node_t;
@ -742,7 +744,7 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
#define POLICYDB_MOD_STRING "SE Linux Module"
__END_DECLS
#endif /* _POLICYDB_H_ */
/* FLASK */

View File

@ -15,6 +15,9 @@
#include <sepol/policydb/flask_types.h>
#include <sepol/policydb/policydb.h>
#include <stddef.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Set the policydb and sidtab structures to be used by
the service functions. If not set, then these default
@ -227,4 +230,5 @@ extern int sepol_genfs_sid(const char *fstype, /* IN */
sepol_security_class_t sclass, /* IN */
sepol_security_id_t * sid); /* OUT */
__END_DECLS
#endif

View File

@ -1,4 +1,3 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* FLASK */
@ -12,6 +11,9 @@
#define _SEPOL_POLICYDB_SIDTAB_H_
#include <sepol/policydb/context.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
typedef struct sidtab_node {
sepol_security_id_t sid; /* security identifier */
@ -67,6 +69,7 @@ extern void sepol_sidtab_set(sidtab_t * dst, sidtab_t * src);
extern void sepol_sidtab_shutdown(sidtab_t * s);
__END_DECLS
#endif /* _SIDTAB_H_ */
/* FLASK */

View File

@ -14,6 +14,9 @@
#define _SEPOL_POLICYDB_SYMTAB_H_
#include <sepol/policydb/hashtab.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* The symtab_datum struct stores the common information for
* all symtab datums. It should the first element in every
@ -34,6 +37,7 @@ typedef struct {
extern int symtab_init(symtab_t *, unsigned int size);
extern void symtab_destroy(symtab_t *);
__END_DECLS
#endif /* _SYMTAB_H_ */
/* FLASK */

View File

@ -23,9 +23,14 @@
#ifndef __SEPOL_UTIL_H__
#define __SEPOL_UTIL_H__
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a);
extern char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
sepol_access_vector_t av);
__END_DECLS
#endif

View File

@ -3,6 +3,9 @@
#include <sepol/context_record.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_port;
struct sepol_port_key;
@ -63,4 +66,5 @@ extern int sepol_port_clone(sepol_handle_t * handle,
extern void sepol_port_free(sepol_port_t * port);
__END_DECLS
#endif

View File

@ -4,6 +4,9 @@
#include <sepol/handle.h>
#include <sepol/policydb.h>
#include <sepol/port_record.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/* Return the number of ports */
extern int sepol_port_count(sepol_handle_t * handle,
@ -37,4 +40,5 @@ extern int sepol_port_iterate(sepol_handle_t * handle,
int (*fn) (const sepol_port_t * port,
void *fn_arg), void *arg);
__END_DECLS
#endif

View File

@ -1,10 +1,15 @@
#ifndef _SEPOL_ROLES_H_
#define _SEPOL_ROLES_H_
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int sepol_role_exists(const sepol_policydb_t * policydb,
const char *role, int *response);
extern int sepol_role_list(const sepol_policydb_t * policydb,
char ***roles, unsigned int *nroles);
__END_DECLS
#endif

View File

@ -3,6 +3,9 @@
#include <stddef.h>
#include <stdio.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
#include <sepol/user_record.h>
#include <sepol/context_record.h>
@ -25,4 +28,5 @@
/* Set internal policydb from a file for subsequent service calls. */
extern int sepol_set_policydb_from_file(FILE * fp);
__END_DECLS
#endif

View File

@ -3,6 +3,9 @@
#include <stddef.h>
#include <sepol/handle.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
struct sepol_user;
struct sepol_user_key;
@ -73,4 +76,5 @@ extern int sepol_user_clone(sepol_handle_t * handle,
extern void sepol_user_free(sepol_user_t * user);
__END_DECLS
#endif

View File

@ -5,6 +5,9 @@
#include <sepol/user_record.h>
#include <sepol/handle.h>
#include <stddef.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
/*---------compatibility------------*/
@ -54,4 +57,5 @@ extern int sepol_user_iterate(sepol_handle_t * handle,
int (*fn) (const sepol_user_t * user,
void *fn_arg), void *arg);
__END_DECLS
#endif

View File

@ -38,22 +38,22 @@ static void report_failure(sepol_handle_t *handle, policydb_t *p,
avrule->source_line, avrule->source_filename, avrule->line,
p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->class - 1],
sepol_av_to_string(p, curperm->class,
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass,
node->datum.data & curperm->data));
} else if (avrule->line) {
ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
avrule->line, p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->class - 1],
sepol_av_to_string(p, curperm->class,
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass,
node->datum.data & curperm->data));
} else {
ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->class - 1],
sepol_av_to_string(p, curperm->class,
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass,
node->datum.data & curperm->data));
}
}
@ -72,7 +72,7 @@ static unsigned long check_assertion_helper(sepol_handle_t * handle,
for (curperm = avrule->perms; curperm != NULL; curperm = curperm->next) {
avkey.source_type = stype + 1;
avkey.target_type = ttype + 1;
avkey.target_class = curperm->class;
avkey.target_class = curperm->tclass;
avkey.specified = AVTAB_ALLOWED;
for (node = avtab_search_node(te_avtab, &avkey);
node != NULL;

View File

@ -1679,7 +1679,7 @@ static int expand_terule_helper(sepol_handle_t * handle,
typemap ? typemap[cur->data - 1] : cur->data;
avkey.source_type = stype + 1;
avkey.target_type = ttype + 1;
avkey.target_class = cur->class;
avkey.target_class = cur->tclass;
avkey.specified = spec;
conflict = 0;
@ -1791,7 +1791,7 @@ static int expand_avrule_helper(sepol_handle_t * handle,
while (cur) {
avkey.source_type = stype + 1;
avkey.target_type = ttype + 1;
avkey.target_class = cur->class;
avkey.target_class = cur->tclass;
avkey.specified = spec;
node = find_avtab_node(handle, avtab, &avkey, cond);
@ -2574,8 +2574,8 @@ static int copy_neverallow(policydb_t * dest_pol, uint32_t * typemap,
if (!new_perm)
goto err;
class_perm_node_init(new_perm);
new_perm->class = cur_perm->class;
assert(new_perm->class);
new_perm->tclass = cur_perm->tclass;
assert(new_perm->tclass);
/* once we have modules with permissions we'll need to map the permissions (and classes) */
new_perm->data = cur_perm->data;

View File

@ -1293,21 +1293,21 @@ static int copy_avrule_list(avrule_t * list, avrule_t ** dst,
}
class_perm_node_init(new_perm);
new_perm->class =
module->map[SYM_CLASSES][cur_perm->class - 1];
assert(new_perm->class);
new_perm->tclass =
module->map[SYM_CLASSES][cur_perm->tclass - 1];
assert(new_perm->tclass);
if (new_rule->specified & AVRULE_AV) {
for (i = 0;
i <
module->perm_map_len[cur_perm->class - 1];
module->perm_map_len[cur_perm->tclass - 1];
i++) {
if (!(cur_perm->data & (1U << i)))
continue;
new_perm->data |=
(1U <<
(module->
perm_map[cur_perm->class - 1][i] -
perm_map[cur_perm->tclass - 1][i] -
1));
}
} else {

View File

@ -3039,7 +3039,7 @@ static avrule_t *avrule_read(policydb_t * p
goto bad;
}
cur->class = le32_to_cpu(buf[0]);
cur->tclass = le32_to_cpu(buf[0]);
cur->data = le32_to_cpu(buf[1]);
if (!tail) {

View File

@ -1514,7 +1514,7 @@ static int avrule_write(avrule_t * avrule, struct policy_file *fp)
cur = avrule->perms;
while (cur) {
items = 0;
buf[items++] = cpu_to_le32(cur->class);
buf[items++] = cpu_to_le32(cur->tclass);
buf[items++] = cpu_to_le32(cur->data);
items2 = put_entry(buf, sizeof(uint32_t), items, fp);
if (items2 != items)

View File

@ -538,7 +538,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
for (classperm = classperms; classperm != NULL; classperm = classperm->next) {
if (type & AVRULE_AV) {
perms = sepol_av_to_string(pdb, classperm->class, classperm->data);
perms = sepol_av_to_string(pdb, classperm->tclass, classperm->data);
if (perms == NULL) {
log_err("Failed to generate permission string");
rc = -1;
@ -546,12 +546,12 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
}
cil_println(indent, "(%s %s %s (%s (%s)))",
rule, src, tgt,
pdb->p_class_val_to_name[classperm->class - 1],
pdb->p_class_val_to_name[classperm->tclass - 1],
perms + 1);
} else {
cil_println(indent, "(%s %s %s %s %s)",
rule, src, tgt,
pdb->p_class_val_to_name[classperm->class - 1],
pdb->p_class_val_to_name[classperm->tclass - 1],
pdb->p_type_val_to_name[classperm->data - 1]);
}
}